European Credit and Debit Card Security Broken

Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."

Chip and Chip security... wait a second!

[LostCluster]

Seems like the problem with this system is that the problem is that the PIN is stored on the chip... and that's just as stupid as writing it on the card! The attacks are simple... either a card that always agrees the PIN given is correct, or a terminal that tries to authenticate all 10000 PINS and then learns the right one.

Payment processors have for years been wanting to have an offline secure system, but it just doesn't work. With cheap enough data systems available everywhere, it's not hard for every Wal-Mart most rural gas stations to see a satellite. Get a $20/mo. dial-up account if you have to... there's no reason for anything that does money to be off the grid.

If the PIN is stored online like traditional ATM cards, then there would be a quick way to be sure there's honest checking of the pin and alarms if somebody fails too many times. The American "contact" systems are actually reasons to not require a signature or a PIN... but those are also designed for small-dollar transactions and keeping the fast food line moving. Sure, they're open to cloning risk, but they're willing to take that downside because there's enough upside to using the system.

Re:Chip and Chip security... wait a second!

[spun]

It seems this system was designed expressly to limit bank's liability by providing the illusion of security. "Oh, fraudulent charges, are they? But you entered your PIN... Can you prove your PIN was compromised? no? Tough then, pay up."

Re:Chip and Chip security... wait a second!

[LostCluster]

MitM would just learn this and deny once and then accept whatever is sent the second time.

I call the scheme you're promoting as "hut-hut-HIKE" security. Jump offsides on a false call and you're in trouble. If there's a random number of fakes before the real one comes through, then you've got something.

Re:Chip and Chip security... wait a second!

[LostCluster]

I think voting has been more or less "solved" with paper ballots, and a person and machine that will help you mark a paper ballot should you need assistance.

Re:Chip and Chip security... wait a second!

[AVee]

I'm fairly certain that's at least a risky thing to do. Assuming the chips in the UK behave pretty much the same as those in the Netherlands, the chip will lock up and refuse to authorize anything after 3 failed attempts in a row. Up to the point where you have to go to your bank and request a new card, it won't (and hopefully can't) be reset.
Now imagine mistakenly using the PIN from your other card in a terminal which decides to pre-test with 2 random PINs.

Regardless, even though this attack is not technically extremely complex, it isn't that easy to pull it of in practice. You need to steel a card, and use a fake cards with wires dangling from it in a shop. You also need to buy something which isn't registered to your name in any way, which is easy to convert to cash, valuable enough to make it worth the risk and effort and preferably sold somewhere without CCTV.
It sure isn't impossible, but it's probably easier to earn your illegal cash some other way.

Not really surprising...

[davebert]

Chip & Pin has never been about minimising fraud - it's about pushing the responsibility from the banks onto the customers. And they're doing the same thing with the ridiculous Verified By Visa programme which just trains people to fall for phishing scams.

Re:Not really surprising...

[Tanktalus]

But do you have any reason to say that they aren't actually interested in preventing fraud?

Because they keep outsourcing the development of a mission-critical security system to the lowest bidder instead of the most qualified. They probably throw in laughable constraints, too, such as having to work on existing POS terminals.

If they were truly interested in preventing fraud instead of denying liability (while still getting to say in marketing that they protect you from fraud), they would contract the design of this system out to some real security experts - and, given the obvious quality of their design team in matters of security, they could post the job offer on slashdot to get some reasonable candidates - who would then use a public-private key encryption scheme where the POS terminal's public key would have to be signed by the credit card authority's private key, which could be verified by the chip by using the public key therein, and then the chip would use that public key to encrypt its own public key, which would be used by the POS terminal to encrypt the PIN that the user typed in, and send it back. And then, no matter whether the PIN is valid or not, the chip would send back some sort of data encrypted with the POS' public key again. That data would decrypt to something that was encrypted with the credit card company's public key, so that the POS terminal would then have to send it back to the credit card center (Visa, MC, Amex, whatever) to get it decrypted (along with its own public key so the credit card company could re-encrypt its response) to validate. The data sent back to the credit card company would include: the encrypted confirmation from the card (plus some random data that can get chopped off, e.g., some JSON-like data: '{verified:true,defeat-listeners:"adsh65ouhdsakljt"}' would be easy enough for the credit card company to get what it needs while discarding the rest while resulting in the packet changing every time), the amount of the transaction, the public key of the POS terminal, all encrypted again with the upstream public key. Upstream could decrypt, extract, and decrypt again. Oh yeah, and before the chip gets printed, its own public key would have to be signed by the credit card company, just to make it that tiny bit more difficult to forge.

For a laptop to sit in the middle and get anything out of such a system would be practically impossible. And, if done right, defeating it once won't mean easy-sailing after that. Maybe an electron-microscope on an exposed chip might help ... but even then, I'm not sure it'd help enough.

And before real security experts jump on me, this is just something I thought up over the last ten minutes. If I were given a $50,000 consulting contract to design this, I'd spend far more than 10 minutes on it, and might find some of the kinks that are likely obvious to much more experienced people than I.

Re:Man in the middle is Greece!

[LostCluster]

They finally figured out how to get someone to bail them out

There... fixed that for you.

If the were a Nobel Prize for ignorance ...

If they were smart enough to do that they wouldn't be in the mess to start with. Fucking wops.

Thank you for confirming the stereotype of American

1) arrogance,
2) redneck-ism,
3) ignorance of domestic issues,
4) ignorance of foreign issues, and
5) racism

in a mere 19 words. If there was a Nobel Prize for dumbest twat, you'd be a shoe-in.

We Already Know This

[segedunum]

This has been known for years. The machines and man-in-the-middle attacks are obvious, simply because you cannot verify the authenticity of any machine that you stick your card into and type your PIN. You have no clue that any one of them is doing what you think it should be doing. ATM machines are bad enough, but at least there is some sort of trust over the fact they are at a fixed point and there is some form of physical security around them. With chip and pin machines all you have is utterly blind faith that you have no choice but to accept, and then you get blamed for being insecure by the banks when the inevitable happens.

What have we heard about this in the mainstream press and media? Nothing. People, and those with a vested interest, obviously just want to deny that it can happen.

Re:We Already Know This

[russotto]

Chip and pin is definitely better then card swipe, or card swipe and pin.

Card swipe and PIN appears to be better. While I can easily copy a card, there's no way I can manufacture a card which will work with any PIN.

The only problem is the banks are treating the increase in security as absolute security, and refusing to handle any fraud concerning a chip and pin transaction.

This is one of the areas where the US is actually ahead of the game. For credit cards, there's $50 liability maximum for the cardholder. For ATM/debit cards, it's also $50 if you notify them within 2 days, but $500 if you notify them within 60 days, of finding out about it. They can't just say "Impossible" and have you jailed for having the temerity to claim a charge was fraudulent (as has happened in the UK).

No, you actually don't know

[spun]

You know what helps you sound informed and intelligent? Reading the article. You know what makes you sound, well, silly? Not reading the article. Here's a clue to spark your interest: it isn't the card readers that are performing the man in the middle, it is the person in possession of the card performing the attack against a standard card reader.

APACS rumbled - all scarper

[dugeen]

The idea of forcing people to enter PINs into any machine controlled by a retailer was ridiculous from day one - the supposed extra security of Chip & Fraud was merely a way for the banks to transfer liability for fraud to the customer. (Happily the FSA has now forbidden them to do this unless they have actual genuine proof that the customer gave away their PIN - well done guys, springing into action after only 4 years of complaints).